Message 280620 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	kchen
Recipients	christian.heimes, kchen
Date	2016-11-11.23:30:24
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1478907024.8.0.970370695387.issue28671@psf.upfronthosting.co.za>
In-reply-to

Content
When a Python HTTPS server requests client certificates, it should send a CA list so the client knows which certificates are acceptable. It looks like right now Python calls SSL_CTX_load_verify_locations, so once the client certificate is sent, Python can verify whether the client against the specify CAs. However, it looks like Python should also call SSL_CTX_set_client_CA_list so the client knows which certificates to send.

When a Python HTTPS server requests client certificates, it should send a CA list so the client knows which certificates are acceptable.

It looks like right now Python calls SSL_CTX_load_verify_locations, so once the client certificate is sent, Python can verify whether the client against the specify CAs.  However, it looks like Python should also call SSL_CTX_set_client_CA_list so the client knows which certificates to send.

History
Date	User	Action	Args
2016-11-11 23:30:24	kchen	set	recipients: + kchen, christian.heimes
2016-11-11 23:30:24	kchen	set	messageid: <1478907024.8.0.970370695387.issue28671@psf.upfronthosting.co.za>
2016-11-11 23:30:24	kchen	link	issue28671 messages
2016-11-11 23:30:24	kchen	create